{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T02:47:29.291","vulnerabilities":[{"cve":{"id":"CVE-2024-57843","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-01-11T15:15:07.170","lastModified":"2025-09-24T18:41:29.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: fix overflow inside virtnet_rq_alloc\n\nWhen the frag just got a page, then may lead to regression on VM.\nSpecially if the sysctl net.core.high_order_alloc_disable value is 1,\nthen the frag always get a page when do refill.\n\nWhich could see reliable crashes or scp failure (scp a file 100M in size\nto VM).\n\nThe issue is that the virtnet_rq_dma takes up 16 bytes at the beginning\nof a new frag. When the frag size is larger than PAGE_SIZE,\neverything is fine. However, if the frag is only one page and the\ntotal size of the buffer and virtnet_rq_dma is larger than one page, an\noverflow may occur.\n\nThe commit f9dac92ba908 (\"virtio_ring: enable premapped mode whatever\nuse_dma_api\") introduced this problem. And we reverted some commits to\nfix this in last linux version. Now we try to enable it and fix this\nbug directly.\n\nHere, when the frag size is not enough, we reduce the buffer len to fix\nthis problem."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-net: se corrige el desbordamiento dentro de virtnet_rq_alloc Cuando el fragmento acaba de obtener una página, puede provocar una regresión en la máquina virtual. Especialmente si el valor de sysctl net.core.high_order_alloc_disable es 1, entonces el fragmento siempre obtiene una página cuando se rellena. Lo que podría provocar fallos fiables o fallos de SCP (enviar un archivo de 100 M de tamaño a la máquina virtual). El problema es que virtnet_rq_dma ocupa 16 bytes al principio de un nuevo fragmento. Cuando el tamaño del fragmento es mayor que PAGE_SIZE, todo está bien. Sin embargo, si el fragmento es solo una página y el tamaño total del búfer y virtnet_rq_dma es mayor que una página, puede producirse un desbordamiento. El commit f9dac92ba908 (\"virtio_ring: habilitar el modo premapeado sea cual sea el uso de_dma_api\") introdujo este problema. Y revertimos algunas confirmaciones para solucionar este problema en la última versión de Linux. Ahora intentamos habilitarlo y solucionar este error directamente. Aquí, cuando el tamaño del fragmento no es suficiente, reducimos la longitud del búfer para solucionar este problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.66","matchCriteriaId":"90A079EF-8212-45DF-84FB-C525A64635B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.5","matchCriteriaId":"9501D045-7A94-42CA-8B03-821BE94A65B7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/67a11de8965c2ab19e215fb6651d44847e068614","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6aacd1484468361d1d04badfe75f264fa5314864","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8f7d6963768b114ec9644ff0148dde4c104e84b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}